﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Text.RegularExpressions;

namespace CommonLib
{
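    /// <summary>
    /// Keyword-stripping filter for strings that are about to be embedded in SQL text.
    /// </summary>
    /// <remarks>
    /// Block-list filtering of this kind is a defence-in-depth measure only; it cannot make
    /// string-built SQL safe. Callers should bind user input through parameterised queries
    /// and treat <see cref="Filter"/> as a last line of defence. The list also contains
    /// ordinary substrings ("or", "and", "from"), so legitimate text such as "order" or
    /// "Sandra" is mangled by the filter.
    /// </remarks>
    public class SqlFilter
    {
        // Compiled once; the entries are regular expressions, not literals ("count\(" escapes
        // the parenthesis, "--" and "'" contain no metacharacters).
        private static readonly Regex[] s_patterns = BuildPatterns();

        /// <summary>
        /// Builds the ordered list of removal patterns. Order matters only within a single
        /// pass; <see cref="Filter"/> repeats passes until nothing changes.
        /// </summary>
        private static Regex[] BuildPatterns()
        {
            // SQL / T-SQL keywords and procedure names.
            List<string> patterns = new List<string>() { "select", "insert", "delete", "from", "declare", "execute", "count\\(", "drop", "update", "truncate", "asc\\(", "mid\\(", "char\\(", "xp_cmdshell", "exec", "netlocalgroup administrators", "net user", "or", "and" };
            // Comment marker and string delimiter.
            patterns.AddRange(new List<string> { "--", "'" });

            // CultureInvariant: with the current culture, IgnoreCase under e.g. tr-TR maps 'I'
            // to dotless 'ı', so "INSERT" would not match "insert" and the filter's behaviour
            // would depend on the server's culture setting.
            const RegexOptions options = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;
            return patterns.Select(p => new Regex(p, options)).ToArray();
        }

        /// <summary>
        /// Removes every block-listed keyword and symbol from <paramref name="str"/>,
        /// case-insensitively, and returns the remaining text.
        /// </summary>
        /// <param name="str">The input string to filter.</param>
        /// <returns>
        /// The input with all block-listed substrings removed. Removal is repeated until the
        /// string stops changing, so a keyword that only appears after another removal
        /// (e.g. "sel" + "select" + "ect") is stripped as well; a single pass would leave it.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="str"/> is <c>null</c>.</exception>
        public static string Filter(string str)
        {
            if (str is null)
            {
                throw new ArgumentNullException(nameof(str));
            }
            if (str.Length == 0)
            {
                return str;
            }

            string current = str;
            string previous;
            do
            {
                previous = current;
                foreach (Regex pattern in s_patterns)
                {
                    current = pattern.Replace(current, "");
                }
                // Every pass only removes characters, so the loop terminates as soon as a pass
                // finds nothing to remove.
            } while (!string.Equals(current, previous, StringComparison.Ordinal));

            return current;
        }
    }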
}
